CVE-2012-0796
EPSS 0.19%PHPMailer vulnerable to email header injection
Published: 10/6/2022Modified: 11/8/2023
Also known as:GHSA-398j-f7m7-795j
Description
### Impact Arbitrary additional email headers can be injected via crafted From or Sender headers. ### Patches Fixed in 2.2.1 ### Workarounds Filter user-supplied values prior to using them in From or Sender properties. ### References https://nvd.nist.gov/vuln/detail/CVE-2012-0796 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
Affected packages (1)
- Packagist/phpmailer/phpmailerfrom 0, < 2.2.1
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-0796
- PATCHhttps://github.com/PHPMailer/PHPMailer
- WEBhttp://moodle.org/mod/forum/discuss.php?d=194015
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=783532
- WEBhttps://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-398j-f7m7-795j
- WEBhttps://git.moodle.org/gw?p=moodle.git&a=commit&h=62988bf0bbc73df655f51884aaf1f523928abff9
- WEBhttp://www.debian.org/security/2012/dsa-2421